TSA’s Embarrassing “Double ID” Rule

I’ve written here before about the Clear card, which allows people to prove their membership in the Transportation Security Administration’s Registered Traveler program without telling TSA who they are. I disapprove of Registered Traveler, but if it’s going to exist, the Clear card system’s restrictiveness with users’ identities is a key anti-surveillance feature.

Steven Brill, the Chairman and CEO of Clear, is one of the witnesses, and he has some choice criticisms of TSA.

The anti-surveillance feature in Clear? Undone by incoherent TSA dictates:

Beginning last fall, TSA suddenly required that RT members using the RT line show a picture ID and their RT card right before entering the line. These are the same RT cards that, when put into the RT kiosk, will use the traveler’s fingerprint or iris scan to biometrically match the user to the data embedded in the card. That’s right, RT members are the only travelers who must present TWO forms of identification.

In case it’s not (ahem) clear to you, the Clear system checks government-issued ID and collects biometric information on enrollment. It does a background check on that identity, and ties the approval/credential to the biometric on the card.

The Clear kiosk does a far more reliable comparison of the biometric on the card to the individual presenting him- or herself at the airport than any TSA screener is going to do looking at driver’s license pictures. Yet, Clear card holders still have to show a government-issued ID. The “Double ID” rule is nonsensical, embarrassing, and stupid.

To top it off, Brill tells how the TSA’s rules would require a twelve-year to show two forms of ID if he or she is a Clear card-holding registered traveler (as youngsters can be with the approval of their parents), even though kids under 18 don’t have to show any ID at all in the ordinary airport security line.

Digital identity managment systems like this will grow more important as more and more of our interactions and transactions are conducted using digital technology. Data from digital transactions are almost always put in databases where, unlike analog records, they remain easily available for copying, sharing, and reuse. Resisting unnecessary data collection (often referred to as “data minimization”) is the key response to this problem.

Systems like Clear, which prove a credential without sharing identity information, minimize data collection by design. The phrase “digital identity management” is often used inaptly, I think, to denote an organization’s efforts to control the access given to employees, customers, etc. Clear is a true “digital identity management” system because, well, it allows people to manage and control their identity information.

Jim Harper / Jim is the Director of Information Policy Studies at The Cato Institute, the Editor of Web-based privacy think-tank Privacilla.org, and the Webmaster of WashingtonWatch.com. Prior to becoming a policy analyst, Jim served as counsel to committees in both the House and Senate.